#!/usr/bin/env php
<?php
/**************************************************************************
 *
 *   Copyright 2010 American Public Media Group
 *
 *   This file is part of AIR2.
 *
 *   AIR2 is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation, either version 3 of the License, or
 *   (at your option) any later version.
 *
 *   AIR2 is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with AIR2.  If not, see <http://www.gnu.org/licenses/>.
 *
 *************************************************************************/

require_once 'app/init.php';
require_once APPPATH.'../tests/Test.php';
require_once APPPATH.'../tests/AirHttpTest.php';
require_once APPPATH.'../tests/AirTestUtils.php';
require_once APPPATH.'../tests/models/TestUser.php';
require_once APPPATH.'../tests/models/TestOrganization.php';

define('MY_TEST_PASS', 'fooBar123.');

plan(12);

AIR2_DBManager::init();

// Create 4 users in 3 different orgs.
$users = array();
$count = 0;
while ($count++ < 4) {
    $u = new TestUser();
    $u->user_password = MY_TEST_PASS;
    $u->save();
    $users[] = $u;
}

// test Orgs
$orgs = array();
$count = 0;
while ($count++ < 3) {
    $o = new TestOrganization();
    $o->save();
    $orgs[] = $o;
}

$orgs[0]->add_users(array($users[0]));
$orgs[0]->save();
$orgs[1]->add_users(array($users[2]), 3);  // 3==WRITER
$orgs[1]->save();
$orgs[2]->add_users(array($users[3]));
$orgs[2]->add_users(array($users[1]), 3);  // WRITER
$orgs[2]->save();

// clean up any old data

$q = AIR2_Query::create();
$q->delete('Project p');
$q->where('p.prj_name = ?', 'authz-unit-test-test123');
$q->execute();
$q = AIR2_Query::create();
$q->delete('Inquiry i');
$q->where('i.inq_title = ?', 'authz-unit-test-test123');
$q->execute();


$project = new Project();
$project->prj_shared_flag = 0;
$project->prj_name = 'authz-unit-test-test123';
$project->prj_display_name = 'test project 123';
$project->add_orgs( array( $orgs[1], $orgs[2] ) );
$project->save();

$inquiry = new Inquiry();
$inquiry->inq_public_flag = 0;
$inquiry->inq_title = 'authz-unit-test-test123';
$inquiry->inq_ext_title = 'test inquiry 123';
$inquiry->add_projects(array($project));
$inquiry->save();

// actual tests
is( $inquiry->user_may_write( $users[0] ), AIR2_AUTHZ_IS_DENIED,
    "user cannot create new Inquiry for Org to which they do not belong");
is( $inquiry->user_may_write( $users[2] ), AIR2_AUTHZ_IS_ORG,
    "user may create new Inquiry for Org in which they are a WRITER");
is( $inquiry->user_may_write( $users[3] ), AIR2_AUTHZ_IS_DENIED,
    "user may not create new Inquiry if they are not a WRITER in the assigned Org");
is( $inquiry->user_may_manage( $users[2] ), AIR2_AUTHZ_IS_MANAGER,
    "user who is contact for a Project an Inquiry belongs to may manage it");
is( $inquiry->user_may_manage( $users[3] ), AIR2_AUTHZ_IS_DENIED,
    "users[3] may not manage Inquiry where they cannot even write");

// query authz
$q = AIR2_Query::create();
$q->from('Inquiry i');
Inquiry::query_may_read($q, $users[0]);
is($q->count(), 0, "users[0] may not see inquiry with unshared parent Project");

$q = AIR2_Query::create();
$q->from('Inquiry i');
Inquiry::query_may_read($q, $users[2]);
is($q->count(), 1, "users[2] may read inquiry since they belong to parent Project");

$q = AIR2_Query::create();
$q->from('Inquiry i');
Inquiry::query_may_read($q, $users[3]);
is($q->count(), 1, "users[3] may read inquiry since they belong to parent Project");

$q = AIR2_Query::create();
$q->from('Inquiry i');
Inquiry::query_may_write($q, $users[2]);
is( $q->count(), 1, "users[2] may write to the project inquiry they are in");

$q = AIR2_Query::create();
$q->from('Inquiry i');
Inquiry::query_may_write($q, $users[3]);
is( $q->count(), 0, "users[3] may not write to shared project inquiries"); // TODO rules are not clear on this

$q = AIR2_Query::create();
$q->from('Inquiry i');
Inquiry::query_may_manage($q, $users[2]);
is( $q->count(), 1, "users[2] may manage project inquiries where they are primary contact");

$q = AIR2_Query::create();
$q->from('Inquiry i');
Inquiry::query_may_manage($q, $users[3]);
is( $q->count(), 0, "users[3] may not manage shared project inquiries"); 


// clean up
$project->delete();
$inquiry->delete();
